Lucene search

[email protected]NVD:CVE-2017-2620

HistoryJul 27, 2018 - 7:29 p.m.

CVE-2017-2620

2018-07-2719:29:00

CWE-125

CWE-787

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Affected configurations

NVD

Node

qemuqemuRange<2.8.0

Node

citrixxenserverMatch6.0.2

citrixxenserverMatch6.2.0sp1

citrixxenserverMatch6.5sp1

citrixxenserverMatch7.0

citrixxenserverMatch7.1

redhatopenstackMatch5.0

redhatopenstackMatch6.0

redhatopenstackMatch7.0

redhatopenstackMatch8

redhatopenstackMatch9

redhatopenstackMatch10

debiandebian_linuxMatch7.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

xenxenRange≤4.7.1

xenxenMatch4.7.1r1

xenxenMatch4.7.1r2

xenxenMatch4.7.1r3

xenxenMatch4.7.1r4

xenxenMatch4.7.1r5

xenxenMatch4.7.1r6

xenxenMatch4.7.1r7

References

rhn.redhat.com/errata/RHSA-2017-0328.html

rhn.redhat.com/errata/RHSA-2017-0329.html

rhn.redhat.com/errata/RHSA-2017-0330.html

rhn.redhat.com/errata/RHSA-2017-0331.html

rhn.redhat.com/errata/RHSA-2017-0332.html

rhn.redhat.com/errata/RHSA-2017-0333.html

rhn.redhat.com/errata/RHSA-2017-0334.html

rhn.redhat.com/errata/RHSA-2017-0350.html

rhn.redhat.com/errata/RHSA-2017-0351.html

rhn.redhat.com/errata/RHSA-2017-0352.html

rhn.redhat.com/errata/RHSA-2017-0396.html

rhn.redhat.com/errata/RHSA-2017-0454.html

www.openwall.com/lists/oss-security/2017/02/21/1

www.securityfocus.com/bid/96378

www.securitytracker.com/id/1037870

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620

lists.debian.org/debian-lts-announce/2018/02/msg00005.html

lists.debian.org/debian-lts-announce/2018/09/msg00007.html

lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html

security.gentoo.org/glsa/201703-07

security.gentoo.org/glsa/201704-01

support.citrix.com/article/CTX220771

xenbits.xen.org/xsa/advisory-209.html

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for NVD:CVE-2017-2620

freebsd1 redhat12 fedora4 openvas29 nessus56 oraclelinux5 gentoo2 xen1 debiancve1 prion1 centos3 ubuntucve1 cvelist1 cve1 redhatcve1 veracode1 alpinelinux1 osv5 suse12 debian4 ubuntu1